The US National Security Agency (NSA) is warning organizations to create patches or take mitigation measures to close a vulnerability in several VMware products that are being exploited by government-sponsored Russian hackers to hijack authentication tokens and access sensitive data access other systems.

The vulnerability recorded as CVE-2020-4006 is a command injection flaw in the web administration interface of VMware Workspace One Access, VMware Workspace One Access Connector, VMware Identity Manager (vIDM), VMware Identity Manager Connector, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. By exploiting the flaw, attackers can execute commands on the underlying operating system.

“The exploitation via command injection resulted in the installation of a web shell and subsequent malicious activity that generated credentials in the form of SAML authentication assertions and sent them to Microsoft Active Directory Federation Services (ADFS), which in turn granted the actors.



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.